DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2021-40690

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-40690

CGA ID

CGA-3wqx-hg8p-7g74

Severity

7.5

High

CVSS V3

Description

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images